Nightcore (@nigh7c0r3)'s Twitter Profile

ID: 1738569564475334656

23-12-2023 14:38:03

47 Tweets

11 Followers

610 Following

Coffin (@coffinxp7)

Just published a new article on bypassing live Cloudflare, ModSecurity, Fortinet, Akamai WAFs with SQL injection using Ghauri and Sqlmap. Don’t forget to read the Tips section for all methods and tricks that always worked for me. infosecwriteups.com/mastering-sqlm…

Swissky (@pentest_swissky)

Discover how the Fairy Law technique leverages Windows mitigation policies to bypass Endpoint Detection and Response (EDR) solutions. - Orange Cyberdefense orangecyberdefense.com/global/blog/cy…

PortSwigger Research (@portswiggerres)

Voting is now live for the top ten web hacking techniques of 2025! Grab a coffee, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques: portswigger.net/polls/top-10-w…

🇷🇴 cristi (@cristivlad25)

My JS surface mapper is now live in CAI (Alias Robotics). It's a tool for the web pentester agent that does JS analysis: github.com/aliasrobotics/…

André Baptista (@0xacb)

Manually going through multiple web archiving sites while hunting can be a tedious task. Here is a browser extension to help you do that quickly. chromewebstore.google.com/detail/web-arc… addons.mozilla.org/en-US/firefox/…

Sean Heelan (@seanhn)

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

Muqsit 𝕏 (@mqst_)

🤯A Really Awesome Guide on JavaScript Analysis for Pentesters Blog: kpwn.de/2023/05/javasc… Author: Konstantin #infosec

Omar Hasan 🇵🇸 (@mushroomwasp)

My Web challenge writeups from 0xL4ugh CTF v5👑🚩 1) pdf.exe Next.js DNS Rebinding → Python CRLF → pdfkit Injection mushroom.cat/ctf/nextjs-ssr… 2) gap Lodash RCE via JSON vs JS mismatch mushroom.cat/ctf/json-js-rc… Both include 0-days 👌 And take my word.. Lodash one is fun😉

FuzzingLabs (@fuzzinglabs)

🚀 Open-sourcing MCP Security Hub A growing collection of MCP servers bringing security tools to AI assistants Nmap, Ghidra, Nuclei, SQLMap, Hashcat... and we're just getting started Contribute your favorite tools 🛠️ ⭐ github.com/FuzzingLabs/mc…

gemini-cli (@geminicli)

Gemini CLI 🤝 OpenClaw🦞 Read below how Gemini CLI's Security extension helped identify and resolve a security vulnerability in OpenClaw. Gemini CLI then helped put up a PR which has since been merged. ✅ Read the details below👇

blackorbird (@blackorbird)

About A growing collection of #MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more. github.com/FuzzingLabs/mc…

Aituglo (@aituglo)

I've been doing bug bounty for years. I just published a long piece on what it actually feels like in 2026, and why something fundamental has shifted. aituglo.com/state-of-bug-b… Would love to get your feedback on it here on X or directly on the blog